defirisk.co
rubric v1.7.0

Fix-merged-but-not-deployed gap

Pendle Finance's assessment for RD-F-140 — scored not_assessed on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No evidence of a known-undeployed fix. SECURITY.md absent (data cache) — no formal security process, but no post-mortem disclosures referencing a merged-but-undeployed fix found. [v1-deferred Pass 3]

Sources #

  • Curator note
    No known fix-merged-but-not-deployed gapsecurity_md_present: false in data cache; no fix-merged-but-not-deployed disclosure foundretrieved 2026-04-29

Methodology #

Determine whether a known vulnerability has a PR merged in the repo but the fix has not been included in the deployed bytecode.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol pendle factor RD-F-140 score not_assessed collected_at 2026-04-28 21:09:40